tree: 694b2b76c44b835daed452b28b72d8363786437d
  1. issue-tracker-config.md
  2. project.md
  3. README.md
  4. reviewer-roster.md
  5. stale-sweep-config.md
projects/non-asf-example/README.md

Table of Contents generated with DocToc

Velox Stream — non-ASF adopter profile fixture

This directory is a worked example of a non-ASF adopter profile. It does not represent a real project. Its purpose is to demonstrate and test acceptance criterion 3 of docs/specs/project-agnosticism.md:

A non-ASF profile can be declared without editing any skill body.

The fictional project — Velox Stream — is a community-governed stream-processing library hosted entirely on GitHub, using DCO contributor sign-off, GitHub Security Advisories for security intake, direct MITRE CVE allocation, and GitHub Releases for distribution. None of these choices require editing any skill body; each maps to a configuration flag or placeholder declared below.

What differs from an ASF profile

This fixture sets organization: independent and inherits the organizations/independent/ baseline, where an ASF project sets organization: ASF and inherits organizations/ASF/. The two organizations carry the differences below — the skills are identical:

DimensionASF defaultThis fixture (non-ASF)
GovernancePMC membership, ICLADCO sign-off, no formal governance body
CVE authorityASF VulnogramMITRE direct (mitre-form)
Security intakesecurity@<project>.apache.org emailGitHub Security Advisories (GHSA)
Mail archivePonyMail (lists.apache.org)None (no mailing lists)
Distributiondist.apache.org / closer.luaGitHub Releases
Announcementannounce@apache.org listGitHub Releases + Discussions
Project metadataapache-projects-mcpnone (maintainer-supplied roster)
Committer intakeICLA gate + ASF member voteDCO + maintainer team decision

Files

Smoke eval

tools/skill-evals/evals/non-asf-profile-smoke/ drives multiple skills through this profile and asserts that a non-ASF project can run the full framework without editing any skill body. Surfaces covered:

  1. Security intake (security-issue-import Step 3) — GHSA advisory, direct email, and automated-scanner inputs are classified without any ASF forwarder or mailing-list infrastructure.
  2. Release backend (release-prepare Step 0) — github-releases + pr-approval mechanism passes pre-flight; missing release-train blocks.
  3. Contributor governance (committer-onboarding Step 1) — DCO and no-CLA intake models skip ICLA/secretary-request steps.
  4. Reviewer routing (reviewer-routing Step 3) — reviewer-roster.md drives routing with no ASF PMC or Apache ID; area-match and load-aware fallback both work against the independent organization profile.
  5. Issue management (issue-stale-sweep Steps 1 and 3) — GitHub Issues and non-ASF label names work without PMC roster or PonyMail.